Benevity app FAQs

For any questions not listed below, please contact your Benevity Client Success Manager or email the Benevity app team at mobile@benevity.org.

General FAQ

Can I demo the app before enabling it?

Yes. Speak to your Benevity Client Success Manager.

Where can people download the app?

How do I enable the app?

Program leaders with the “site settings manager” role can enable the app in one click from the Spark admin dashboard!

If you require assistance with enabling the app, contact your Client Success Manager.

How do I roll out the app to my people? Do you have a best practices guide?

Check out our Application Rollout Guide which contains best practices, launch tips/ideas and an implementation checklist.

Can I customize the app for my company?

There is one Benevity app available to download and there are no plans to create any customized versions. However, once your people are signed in, they will see your company’s branding, just as they would on the website version of Spark.

How do people sign in?

Whether your people are signing in on a desktop computer, mobile browser or in the Benevity app, they use the same login process. This means no additional configurations are required for the app. Depending on your login setup, there are three possible scenarios for signing in:

    • SSO only: Users are taken directly to their company’s single sign-on screen.
    • SSO or username/password: Users are offered the choice of which sign-in method they would like to use.
    • Username/password only: Users can enter their username/password. If two-factor authentication is configured as part of your single sign-on, it will work the same way as it does when signing in to the desktop version of Spark. If the person’s device supports fingerprint login, Touch ID or Face ID, they will be asked if they would like to use that option the next time they sign in.

How much does it cost to enable or use the app?

The app is free to enable and use.

Will the donations and volunteering activities done through the app appear on the website?

The Benevity app and desktop version of Spark share the same information, so any donations, volunteering or tracked Missions activities will appear on both the app and the website.

Security FAQ

Does the app include new terms of use?

No, the terms of use have not changed.

Do Benevity’s existing Spark controls apply?

The Benevity app is a “skin” or “wrapper” on Spark, so know that you can continue to rely on the same Spark controls and policies that are already in place! For a current version of Benevity’s comprehensive security package, please reach out to your Client Success Manager.

What security testing has been performed on the app?

An independent third party scrutinizes each version of the Benevity app for a wide variety of vulnerabilities and privacy concerns, including the Open Web Application Security Project’s (OWASP) Top Ten for Mobile Application Security Testing. Additionally, the independent third party performs penetration testing of the app on a bi‑annual basis.

Does the app store confidential/ sensitive application data?

The Benevity app does not store any personal information; however, some authentication tokens and information about the particular program that are critical to the app’s functionality are stored. On Android, these are on the device in EncryptedSharedPreferences, supported by the Android Keystore which uses hardware-backed keys. On iOS devices they are stored in the iOS Keychain.

What happens if we haven’t enabled the app but an employee downloads it from the app store?

If an employee attempts to log in, they will receive a message stating the app isn’t available for their program yet and to contact their admin. Rest assured, access to the app is disabled by default.

What security measures are in place to prevent misuse of the app on an employee’s phone?

In the event of a lost device, a user can revoke access to their app account from Spark.

A third party that gained access to the phone would still need to use fingerprint login, Touch ID or Face ID to open the app. If those failed, they would be asked to enter the username and password.

If a user were to leave their phone unlocked while signed into the app, the app would lock after 10 minutes of no activity and the user would be asked to authenticate again. Whenever the app is put into the background for longer than 10 minutes, when someone takes a call or switches to another app, the Benevity app will ask them to re‑authenticate when they return to it.

Does the Benevity app support remote data wiping and management?

Although the app doesn’t currently allow for wiping data remotely, users can revoke app account access from the Spark website if their device is lost or stolen. However, if your company has a mobile device management system, the entire app could be removed from a device remotely.

What permissions does the Benevity app use?

iOS - Photo selection, camera actions and location data are governed by iOS and the user can choose to allow or deny access.

Android - Photo selection and camera actions are governed by Android OS and the user can choose to allow or deny access. No additional permissions are required.

Activity Stream FAQ

Are the photos visible on the web?

Yes, administrator or management features are available to allow users to view photos on your program's website.

What if someone uploads something inappropriate?

Every photo that is uploaded can be reported by another user. If a photo is reported, it is immediately removed from employee view. You and other program managers will be notified. You can then review the photo (and the reason it was reported) to determine if the photo is reinstated or remains hidden.

What about photo releases?

We provide a platform to collect and view photos within the program, but use outside the platform is governed by your company policies. You can choose which employees have access to download posts. If you do not grant anyone this access, the original posts remain within the platform. If you receive permission from employees to use the photos internally and/or externally, you can grant a team member access to download the original content to use in your communications.

Do the photos contain any sensitive information?

When a photo is taken, metadata is included that may contain location information, captions or keywords that were manually or automatically added, as well as information about the camera. When a photo is added to Activity Streams, a new version of the image is created with the extra metadata removed. This ensures that private information in the metadata cannot be accessed by program managers or people viewing the photos on the web.

What happens if the Public Profile Preview is disabled when Activity Streams is on?

Past posts (done when the Public Profile Preview was enabled) will continue to display the profile picture and name that was in use when the post was created. New posts that are added will display "A Volunteer" as the name.

Which name appears on the post?

The <firstname> and <lastname> will appear, unless a preferred name exists.

How long are photos retained?

Posts will be retained as long as your company remains active with Benevity (even if the feature is enabled and disabled). If a post is deleted by an administrator or the owner of the post, the photo(s) will also be deleted.

Was this article helpful?
2 out of 3 found this helpful